\section{Conclusion}
\label{sec:Conclusion}

This paper proposes an approach for securing Java-based business applications using security policies. Our approach cleanly separates between security and business concerns, allowing the separate development and specification of business and security aspects. It also enables the specification of fine-grained contextual permissions and obligations and supports their management, enforcement and their update at runtime. We have demonstrated the expressiveness of our security policy language using a comprehensive example and validated our approach by using it to secure two different systems. %Although the previously mentioned features are not new when considered separately, this is in the best of our knowledge one of the first time they are combined together to form an \textsc{Mde} solution to non-intrusively enforce security policies in a legacy application.
We have identified some limitations of our framework, namely its scalability when the number of activated obligations in the system increases. Therefore, we plan to study optimization techniques to improve the tool's performance. We also intend to provide support for more advanced usage controls and more Java data structures. %We demonstrated how our Security Rules languages allow specification of a large variety of policies, including action-based and state-based permissions, obligations and prohibitions. We also showed how fine-grained contexts can be defined: by extracting a minimal meta-representation of the application's and policy rules' dynamic state, a user can define security rules contexts relying on instances field values, or operations parameter values. This enables the definition of obligations depending on other obligations' state, which is particularly useful for defining ``countermeasures'' when abnormal situations are detected. 

%\SAR explicitly represents information from both the business and security sides, but also a minimal representation of their runtime. One of the key limitations of \textsc{Mds} framework is the scalability of the decision engine for an approach using Aspect-Oriented instrumentation of legacy code: before granting access to a resource, which technically corresponds to authorizing a method (or a set of methods) to execute, the \textsc{Pdp} has to compute the decision, but in a reasonable time to not ``freeze'' the application. We evaluated our framework with respect to this crucial question, thus validating our approach for reasonable applications. 

%Although our \SAR approach seems promising in terms of the framework capabilities and decision performances, we are aware that a validation for other critical aspects is crucial, and we intend to address some of them in the near future. For example, we plan to study optimization techniques to improve the \textsc{Pdp} response time (e.g., memoization and refactoring techniques), as well as techniques for reducing classical performance bottlenecks \cite{KatebMTHX12}. We would also like to integrate more usage controls and study the applyication of our approach on targets other than Java code, such as component-based systems.


%Policy specification and enforcement are the best explored in this paper. However, dynamically updating policies, either because organization regulations are changed or for preventing undesired users behaviors, as well as detecting the induced side-effects of such an update, is another crucial point. Ideally, it should occur without having to stop the framework from running, but rather by simply redeploying policy rules runtime state to reflect the new configuration. \SAR already offers a good infrastructure that clearly separates both worlds. Also, precisely identifying our approach's exact limitations in a comprehensive study is ongoing work, and requires bigger applications with larger security policies. We are currently studying test generation from policies, hoping this helps testing the framework. 

